Browser security may include trust-based techniques that use same-origin content policies. A same-origin content policy may grant content privileges based at least in part on the content having been received from a particular location. Cross-site scripting attacks may seek to obtain privileges by injecting malicious material into content hosted by a site that contains other non-malicious information. For example, a cross-site scripting attack may induce a website to include script code controlled by an attacker on either a persistent or non-persistent basis. Existing techniques for deterring these attacks, such as restricting the locations from which script code may be sourced or restricting the actions that script code may perform, are not sufficient at protecting against new ways of delivering script code.
Accordingly, it is often challenging to defend against cross-site scripting attacks by detecting abnormalities in resulting content documents. It is also challenging to better protect against unanticipated ways of delivering script code or script code cloaking anti-security technologies.